research-article

Performance evaluation of client-based traffic sniffing for very large populations

Authors:

P. Roquero,

E. Magaña,

R. Leira,

J. AracilAuthors Info & Claims

Volume 166, Issue C

https://doi.org/10.1016/j.comnet.2019.106985

Published: 15 January 2020 Publication History

Abstract

Current Internet users are demanding an increased mobility and service ubiquity, which, in turns, requires that Internet services are provided from different datacenters in the cloud. Traffic monitoring in such a mobile scenario, for security and QoS monitoring purposes, is rather challenging, as the sniffing points may be fully distributed in the operator’s network. To complicate matters, outgoing traffic may leave the network through a given PoP and return through a different one. As a result, traffic monitoring at the edges, at the very client terminal or domestic router, becomes a sensible alternative. However, such a measurement scheme implies that millions of tiny monitoring probes are continuously producing flow records, which builds up a significant load for the monitoring data collector and for the network itself, aside from the induced load to the client terminal or router. In this paper, we study whether such large scale deployment of microsniffers is feasible in terms of the resulting load, namely deployment of lightweight network probes that perform passive measurements at the client terminal. We further propose data summarization schemes to reduce load with minimum information loss.

Our findings show that deployment of a large populations of microsniffers is feasible, provided that adequate data thinning techniques are provided, as we propose in this paper.

References

[1]

K. Levchenko, A. Dhamdhere, B. Huffaker, K. Claffy, M. Allman, V. Paxson, Packetlab: a universal measurement endpoint interface, Proceedings of the 2017 Internet Measurement Conference, ACM, 2017, pp. 254–260,.

Digital Library

Google Scholar

[2]

P.S. Croll A., Complete Web Monitoring, O’Reilly Media, 2009.

Google Scholar

[3]

M. Dhawan, J. Samuel, R. Teixeira, C. Kreibich, M. Allman, N. Weaver, V. Paxson, Fathom: a browser-based network measurement platform, Proceedings of the 2012 Internet Measurement Conference, IMC’12, ACM, New York, NY, USA, 2012, pp. 73–86,.

Digital Library

Google Scholar

[4]

A. Le, J. Varmarken, S. Langhoff, A. Shuba, M. Gjoka, A. Markopoulou, Antmonitor: a system for monitoring from mobile devices, Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data, ACM, 2015, pp. 15–20,.

Digital Library

Google Scholar

[5]

V. Sharma, G. Bartlett, J. Mirkovic, Critter: Content-rich traffic trace repository, Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security, ACM, 2014, pp. 13–20,.

Digital Library

Google Scholar

[6]

S. Radovanovic, N. Nemet, M. Cetkovic, M.Z. Bjelica, N. Teslic, Cloud-based framework for QoS monitoring and provisioning in consumer devices, Consumer Electronics?‘ Berlin (ICCE-Berlin), 2013. ICCEBerlin 2013. IEEE Third International Conference on, IEEE, 2013, pp. 1–3,.

Crossref

Google Scholar

[7]

H. Kawazoe, D. Ajitomi, K. Minami, A test framework for large-scale message broker system for consumer devices, Consumer Electronics-Berlin (ICCE-Berlin), 2015 IEEE 5th International Conference on, IEEE, 2015, pp. 24–28,.

Crossref

Google Scholar

[8]

Libpcap, (http://www.tcpdump.org/).

Google Scholar

[9]

Openssl, (https://www.openssl.org/).

Google Scholar

[10]

C. Vega, P. Roquero, J. Aracil, Multi-Gbps http traffic analysis in commodity hardware based on local knowledge of tcp streams, Comput. Netw. 113 (2017) 258–268,.

Digital Library

Google Scholar

[11]

Wireshark, (https://www.wireshark.org).

Google Scholar

[12]

Tstat, (http://tstat.polito.it).

Google Scholar

[13]

CNMC, Comisión nacional de los mercados y la competencia. informe anual 2017, 2017, (http://data.cnmc.es/datagraph/jsp/inf_anual.jsp).

Google Scholar

Index Terms

Performance evaluation of client-based traffic sniffing for very large populations
1. General and reference
  1. Cross-computing tools and techniques
2. Networks
  1. Network performance evaluation
  2. Network services
    1. Network management
    2. Network monitoring

Index terms have been assigned to the content through auto-classification.

Recommendations

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. ...
DNS-based Internet Client Clustering and Characterization
Link-based performance monitoring of ATM networks
LCN '00: Proceedings of the 25th Annual IEEE Conference on Local Computer Networks

The complexity of today's communication networks supporting a wide range of QoS parameters and providing almost "unlimited" bandwidth intensifies the importance of adequate management solutions. Especially for ATM with its inherent distribution aspect ...

Comments

Information & Contributors

Information

Published In

cover image Computer Networks: The International Journal of Computer and Telecommunications Networking

Computer Networks: The International Journal of Computer and Telecommunications Networking Volume 166, Issue C

Jan 2020

319 pages

ISSN:1389-1286

Issue’s Table of Contents

Publisher

Elsevier North-Holland, Inc.

United States

Publication History

Published: 15 January 2020

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Index Terms

Recommendations

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

DNS-based Internet Client Clustering and Characterization

Link-based performance monitoring of ATM networks

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations